email hijackers

This is my first try at posting, please bear with me. I have found following threads very helpful in the past.
I'm running XP Home + SP2 on a Dell laptop. I use Mozilla and Firefox, not a big fan of Bill G. & IE. I use Spybot, HijackThis, Ad-Aware SE, SpywareBlaster, and McAfee security. I keep them all updated and run most once a day.

Today, 3/14/05, I got the email I copied below. It looks to me like Firefox got hijacked and is being used to spam. There is no record in my outbox and I don't know the address. Last time this happened it was (mydoom) and I resolved it by following the directions on a thread here at TechSpot.

Does anybody have any direction for me on where to start? The email has 2 attachments. If I right-click open on the info line for the second I get
mailbox:///c|/documents%20and%20settings/samlhop/app......... that's all I can see. No other similar complaints have come back to me.

How should I proceed? Thanks for your input. Sam Hopkins

BANNED FILENAME ALERT

Your message to: email removed
was blocked by our Spam Firewall. The email you sent with the following subject has NOT BEEN DELIVERED:

Subject: Server Error (email removed)

An attachment in that mail was of a file type that the Spam Firewall is set to block.

If you set your previous settings back to normal, does the hijacker reset them again? Meaning, if you plug your personal settings back, does the hijacker set them to malicious sites and stuff? Exactly what happened?

vhunter, I can tell that anything has been changed. I can't find any record of sending a message to that address, and I have had no other notifications of spam coming from my address. When I had (mydoom) my ISP notified me that spam was coming from my address.

Thanks for the reply. Got any ideas? What setting should I check? Thanks.

All that's happened is my inbox got wiped, but the stuff was still on the server so I could get it with my other box. I haven't had any other notices about my IP address spamming so I think you're right. Last time DirecWay notified me about large amount of mail. Commercial volume is the way they put it last time with mydoom. This is probably nothing.

What would you look at? The whole idea is that it's not readily noticeable. Would it show up in my outbox, or some mail setting? I guess I'm unnerved because I don't know where to look. HijackThis found no reference to mailbox///c|/. That looked like a temp to me; I could not find any reference to it on my system.

What program are you using? If it's outlook, then it may have archived your box, then deleted the messages. Posting your HJT log would be very helpful. Just do a HJT scan, with the option to save the log selected, then on your next post, go down the page and attach the file. It will help.

Thanks for looking at this, realblackstuff. I have followed some of your strings in the past and they have been real helpful.
I thought the first R1 was for a print server.
The second R1 looks to me like my satellite ISP,
but this is really way past me.

When I boot without the R1s, I get halted: "generic host process for win32 services". This comes up about 6 times when I go to check my email.
Thanks for your time. samlhop

Thanks for your time, realblackstuff. I read your post on "how to remove", a lot of very helpful stuff. Am I right that the O9 line above should look like this:
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
The //wwws. looks odd to me, but I'm a neophyte.
Please take a look at this message that comes up when I start my PC:
Data execution prevention
to help protect your computer m.s. has closed this program.
"generic host process for win32 services"
This is what looks to me like a reference to a mini dump file that I got from the M.S. report.
C:\docume~1\samlhop\LOCALS~1\temp\WER5455.dir00\SVCHOST.EXE.mdmp
C:\DOCUME~1\samlhop|LOCALS~1\Temp\WER5455.dir00\appcompat.txt
Should this be a separate post? Probably, but I'm still stuck on the original message that my IP address was the source of spam, and my concern that I had what I would describe as a (trojan or proxy mail server running).
Any direction at all would be helpful.
Thanks, samlhop

Sorry, I rarely read this new members forum, because it is NOT meant to announce your problems, that's what the windows etc. forums are for!
Clean out everything in your Temp directory, regardless of whatever it is!
Then see how it goes.

I've noticed that you have a lot of anti-virus/spyware programs installed. I would suggest that you run your email on another computer with one anti-virus on it and re-send all the mails that you are having problems with. I think this will solve it because in my experience it's not advisable to install a bunch of spyware programs; one or two is enough.